MOBILE DEVICE SECURITY, FORENSICS AND PENETRATION TESTING

SHE Level 4
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code MHI123697
Module Leader Omair Uthmani
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • B (January start)

Pre-Requisite Knowledge

Network Penetration Testing and Ethical Hacking, Digital Forensics Analysis

Summary of Content

The security/forensics landscape continues to evolve. With the increasing prevalence of mobile devices, there is a demand for the skills required to identify the vulnerabilities and recovery potential sources of evidence. This module develops a more advanced level of analysis of digital forensics and penetration testing, focusing specifically on mobile devices. This module strengthens a student's knowledge and deepens understanding and reasoning by introducing them to alternative environments (mobile devices). From an analysis perspective, this module examines the future of digital crime and the security and forensic response to these threats, together with the evolving and expanding techniques. The ethical and professional issues/requirements of the Digital Forensics practitioner are incorporated throughout the syllabus.

Syllabus

Emerging Digital Technologies - A review of digital technology from a forensic perspective; forensic handling of digital devices and new technologies (i.e., mobile devices, cloud computing); core forensic methodology as it relates to mobile devices when conducting a manual triage inspection; logical forensic examination, and in-depth forensic analysis of physical memory; overview of memory, data storage and manipulation; dealing with password protection, encryption and removable media. -284 Advanced Data Analysis Methodologies - Conduct analysis of acquired data, live data, log files, database structures and source code; utilise a variety of tools to extract relevant data quickly and effectively from complex technical sources. -284 Mobile Security, Malware & Penetration Testing - Evaluation of mobile device technologies focusing on their potential security flaws. Review the possible threats affecting mobile devices and identify how attacks are performed through these systems. Assessment of mobiles security through penetration testing. Investigate the effect of malware targeted at mobile Operating Systems. -284 Legal & Ethical Issues - Reinforce understanding and application of law, legal and ethical issues related to forensic science.

Learning Outcomes

The intended learning outcomes are that on completion of this module the student should be able to - 1. Demonstrate a critical understanding of technical concepts, implementation and restrictions of mobile devices.2. Demonstrate a critical understanding of the infrastructure and protocols used to support a mobile device's deployment and consider their security flaws 3. Undertake advanced digital forensic examination and analysis of mobile devices through the use of appropriate tools whilst preserving evidential integrity.4. Assess mobile device security through the use of appropriate penetration testing methods.5. Consider ethical issues involved and critically evaluate professional requirements of a security and forensic practitioner.

Teaching / Learning Strategy

Learning and teaching will take place through a variety of mechanisms, including lectures, seminars, with and associated practical sessions, research into current developments and issues, and case studies. This module emphasises an active "hands-on" approach to learning. Case studies will be used formatively in tutorials throughout the module in order to promote application of knowledge to specific problems and encourage discussion. Topics will be introduced in lectures and discussed through guided inquiry learning activities. Key concepts of knowledge and understanding will be re-enforced and consolidated through the critical analysis and discussion of case studies in tutorials that are designed to explain and elaborate both on lecture and laboratory content. Additionally directed learning will reinforce essential theory and place understanding into context. Independent study will be encouraged to satisfy the student's own interests. A Virtual Learning Environment (VLE) will also be used that will provide access to a range of relevant learning resources and materials to enhance the teaching strategy. Managed blended learning environments will be used to consider material and provide the capability for on-line reflection of material related to learning outcomes, and enable peer support. Feedback will be implemented via a combination of generic feedback, and verbal feedback during tutorials and laboratory sessions together with self assessment and peer review exercises to help the student to assess their understanding of material and to develop their learning strategy. The subject discipline is continuously developing, evolving and changing and as a result students will be expected to keep up to date with developments through independent research. Students will be encouraged to adopt an independent learning style, acquiring and applying knowledge through their own research and enquiry, supported by a series of guided activities and exercises. Students will be encouraged to share the findings of their research through seminar presentations and participation in on-line discussions with the rest of the student cohort. The material presented in this module is potentially damaging if used maliciously and the capabilities developed in this module have potential for harm. Academics will emphasise the professional expectations of students and of persons working in this domain as well as stressing the students' ethical and moral responsibilities to themselves and others, including the School and the University.

Indicative Reading

Casey (2011) Digital Evidence and Computer Crime, Third Edition, ACADEMIC PRESS (0123742684) Androulidakis (2012) Mobile Phone Security and Forensics, SPRINGER (9781461416494) Morrissey (2010) iOS Forensic Analysis for iPhone, iPad & iPod Touch, APRESS (1430233427) Hogg & Strzempka (2011) iPhone and iOS Forensics, SYNGRESS (1597496596) Hogg (2011) Android Forensics, SYNGRESS (9781597496513) In addition to the references above several online resources (blogs, journals, websites, etc.), which reflect up to date understanding in the field, will be provided to students.

Transferrable Skills

Traditional Academic Skills - specialist knowledge, ability to apply knowledge, logical thinking, critical analysis, problem-solving, written and spoken communication, ability to use numerical data, and research skills -426 Personal Development Skills - self-confidence, self-discipline, self-reliance, awareness of strengths and weaknesses, creativity, independence, knowledge of international affairs, desire to go on learning, ability to reflect, reliability, integrity, honesty and regard for others -426 Enterprise Or Business Skills - ability to prioritise tasks, time management, interpersonal skills, presentational skills, ability to work in teams and leadership

Module Structure

Activity Total Hours
Practicals (FT) 24.00
Assessment (FT) 20.00
Lectures (FT) 24.00
Tutorials (FT) 12.00
Independent Learning (FT) 120.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (Exams Office) 2.00 60.00 35% Unseen written exam
Coursework 1 n/a 40.00 35% Practical Work